Frequent/Continuous Audits

We're auditing all our smart contracts frequently and use a combination of public auditing (like Code4rena) and private auditing firms like Quantstamp and Spearbit. Read up on our audits.

Over the past two years, we've been working with auditors from Spearbit on a monthly retainer. That means every single change is being reviewed before deployment. These on-to-go audits don't produce any sharable audit reports. The auditors are essentially part of our organization and daily developer operations.

Bug Bounty Program: $1.000.000 USD

LI.FI has set up a $1 Mio. USD bug bounty program via Immunefi. We want to ensure people are incentivized to report vulnerabilities and help us become more secure.

Pentested API and Infrastructure

Our API, as well as our backend infrastructure, are getting black-box and white-box pentested. Reports can be shared on request.

Bridge Risk Assessment

We have a full-time researcher analyzing bridges in depth. We're publishing our results on our blog. Take, for example, this 40+ page arbitrary messaging bridge comparison framework. We compare our results against public frameworks from sources like L2Beat, and work with companies like Consensys on in-depth bridge risk assessment.

Asset Risk Assessment

In a multi-chain world, bridges also affect the overall asset risk. Thus, we partnered up with Go+ Security to enrich our supported assets with their token vetting information.

SSL Encrypted Communication

Understand the quality of our SSL encryption. On-demand, we can also support custom certificates and encryption mechanics.

Submission of Security Reports outside the Bug Bounty Program

Please contact our community team on Discord to learn how to submit security issues you found. Please provide enough information to allow us to verify the issue quickly.